Register now for better personalized quote!

Data on ransomware attacks is 'fragmented and incomplete', warns Senate report

May, 25, 2022 Hi-network.com
Image: iStock

The government lacks comprehensive data on ransomware attacks and suffers from fragmented reporting, according to a new US Senate committee report. 

The 51-page report from the Senate Homeland Security and Governmental Affairs Committee calls on the government to swiftly implement new mandates for federal agencies and critical infrastructure organizations to report ransomware attacks and payments to attackers. 

Recommends

  • Best VPN services
  • Best security keys
  • Best antivirus software
  • The fastest VPNs

The 10-month investigation, which focussed on the role of cryptocurrency in ransomware payments, found that reporting on attacks is "fragmented and incomplete", in part because the FBI and Cybersecurity and Infrastructure Security Agency (CISA) both claim to have the "one stop" website for reporting attacks -respectively, IC3.gov and StopRansomware.gov. 

SEE:Microsoft warns: This botnet has new tricks to target Linux and Windows systems

Since the investigation began, the US has introduced several new laws to improve ransomware incident reporting and data collection, including the Cyber Incident Reporting Act of 2021, which passed the Senate in March, 2022 under the Strengthening American Cybersecurity Act. 

The new laws require critical infrastructure organizations to report cyberattacks to CISA within 72 hours and ransomware payments within 24 hours. 

CISA said in March it would immediately share incident reports with the FBI, but the investigation found shortcomings with this arrangement. 

"While the agencies state that they share data with each other, in discussions with committee staff, ransomware incident response firms questioned the effectiveness of such communication channels' impact on assisting victims of an attack," the report states. 

Beyond the dual reporting functions of the FBI and CISA, there are sector-specific reporting regimes under Treasury's FinCEN, the Transport Security Administration, and the Security and Exchange Commission, as well as reporting through FBI field offices, and some state governments.

"These agencies do not capture, categorize, or publicly share information uniformly," the report notes. 

It notes that the FBI's IC3 figures on ransomware are believed by experts to be a "subset of a subset" of data. The FBI admits its ransomware data in its annual IC3 report is "artificially low" as victims only voluntarily report incidents to the FBI. Meanwhile, FBI field offices that do collect ransomware victim reports lose contact with about 25% of victims during follow-up investigations.   

FinCEN would like improved reporting of financial information related to ransomware attacks to give it better actionable data about the laundering of cryptocurrency ransoms, it notes. 

The lack of comprehensive data impedes US responses through sanctions, law enforcement and international partnerships, as well as private sector contributions to ransomware recovery, the report said. 

SEE:What is ransomware? Everything you need to know about one of the biggest menaces on the web

The report calls on federal agencies to immediately implement the requirements under the incident reporting acts to share all incident reports with CISA "to enable a consolidated view of incidents from across different sectors and reported under different regulatory regimes."

The report also stresses that ransomware data collection is also critical for US national security, especially in the context of Russia's invasion of Ukraine. 

"As Russia's invasion of Ukraine continues and Russia seeks to find ways around the international finance system, the need to address these shortfalls grows. Approximately 74 percent of global ransomware revenue in 2021 went to entities either likely located in Russia or controlled by the Russian government," the report notes. 

"Further, CISA and other federal agencies have warned that Russia's invasion of Ukraine could lead to additional malicious cyber activity, including ransomware attacks, in the United States. Therefore, as the report finds, prioritizing the collection of data on ransomware attacks and cryptocurrency payments is critical to addressing increased national security threats." 

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Hot Tags : Tech Security

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.